Difference between revisions of "stoney core: Authentication Resource - REST API"
From stoney cloud
| [unchecked revision] | [unchecked revision] |
m (Michael moved page stoney core: Authentications Resource - REST API to stoney core: Authentication Resource - REST API) |
(→Auth retrieval (GET) example) |
||
| Line 31: | Line 31: | ||
Content-Type: application/json; charset=UTF-8 | Content-Type: application/json; charset=UTF-8 | ||
</pre> | </pre> | ||
| − | + | ||
| + | <source lang='javascript'> | ||
| + | { | ||
| + | "authenticatedAs": "user@example.com", | ||
| + | "roles": [ "Virtualization Admin", "Backup User"], | ||
| + | "location": "https://api.selfcare.com/v1/people/4000123" | ||
| + | } | ||
| + | </source> | ||
| + | |||
[[Category: REST API]] | [[Category: REST API]] | ||
Revision as of 17:58, 9 January 2014
Auth action
To give a client the possibility of verifying username and password, a pseudo-ressource is provided, the only method implemented is the GET.
Auth retrieval (GET)
Auth retrieval (GET) example
To verify the authentication the clients sends a HTTP GET request on the auth's resource URI https://api.example.com/v1/auth.
The service responds with a HTTP status code:
- 200 (OK) on success
- 401 (Unauthorized) on authentication failure
- 429 (Too Many Requests)
The service must never return 403 or similar to avoid attacks which try to figure out which users exist and which do not.
Request:
GET /v1/auth/ HTTP 1.1 HOST: api.example.com AUTHORIZATION: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Accept: application/json
Answer:
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
{ "authenticatedAs": "user@example.com", "roles": [ "Virtualization Admin", "Backup User"], "location": "https://api.selfcare.com/v1/people/4000123" }
